
Istio injection with an app with secret and configmap


I am trying to test SSL pass-thru with Istio/envoy ingress, as I was able to achieve it with the nginx ingress controller. So I created an nginx https deployment and tested that the deployment/pod/service works.

However, when I run this as usual, kubectl apply -f <(istioctl kube-inject -f ~/nginx/nginx-app.yaml), the deployment doesn't proceed (so no pod is created).

It seems the volume & mount are causing the issue. It seems Istio is also trying to mount these.

    spec:
      volumes:
      - name: secret-volume
        secret:
          secretName: nginxsecret
      - name: configmap-volume
        configMap:
          name: nginxconfigmap
      containers:
      - image: nginx
        imagePullPolicy: Always
        name: nginx
        ports:
        - containerPort: 80
        - containerPort: 443
        volumeMounts:
        - mountPath: /etc/nginx/ssl
          name: secret-volume
        - mountPath: /etc/nginx/conf.d
          name: configmap-volume

Does anyone have an insight?

Thank you!


Solution

  • I found a solution. It's related to https://github.com/istio/istio/issues/3548. The issue is fixed but not merged yet. So a workaround is to add sidecar.istio.io/inject: "false".

    For example

    spec:
      replicas: 1
      template:
        metadata:
          annotations:
            sidecar.istio.io/inject: "false"
          labels:
            app: nginx
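
With sidecar.istio.io/inject: "false" the pod runs without an Envoy sidecar, so a workaround like this is worth tracking until it can be removed. The following is an added example, not part of the original question or answer: it lists Deployments that carry the annotation and the Secrets they mount. The sample input, the `default` namespace, the `web` Deployment and the `audit.py` file name are constructed for illustration.

```python
import json

INJECT_KEY = "sidecar.istio.io/inject"  # annotation from the answer above

# Constructed sample shaped like `kubectl get deployments -A -o json`.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"metadata": {"namespace": "default", "name": "nginx"},
     "spec": {"template": {
         "metadata": {"annotations": {INJECT_KEY: "false"},
                      "labels": {"app": "nginx"}},
         "spec": {"volumes": [
             {"name": "secret-volume", "secret": {"secretName": "nginxsecret"}},
             {"name": "configmap-volume", "configMap": {"name": "nginxconfigmap"}}]}}}},
    {"metadata": {"namespace": "default", "name": "web"},
     "spec": {"template": {"metadata": {"labels": {"app": "web"}},
                           "spec": {"containers": []}}}},
]})


def find_opted_out(doc):
    """Return (namespace, name, secret_names) for each Deployment whose
    pod template carries sidecar.istio.io/inject: "false"."""
    data = json.loads(doc)
    items = data["items"] if "items" in data else [data]
    found = []
    for item in items:
        tmpl = (item.get("spec") or {}).get("template") or {}
        annotations = (tmpl.get("metadata") or {}).get("annotations") or {}
        # Assumption: only the value used on this page ("false") is matched.
        if str(annotations.get(INJECT_KEY, "")).strip().lower() != "false":
            continue
        volumes = (tmpl.get("spec") or {}).get("volumes") or []
        secrets = [v["secret"].get("secretName", "") for v in volumes if "secret" in v]
        meta = item.get("metadata") or {}
        found.append((meta.get("namespace", ""), meta.get("name", ""), secrets))
    return found


if __name__ == "__main__":
    import sys
    # Real use (audit.py is a hypothetical file name):
    #   kubectl get deployments -A -o json | python3 audit.py -
    doc = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE
    for ns, name, secrets in find_opted_out(doc):
        print(f"{ns}/{name}: injection disabled, secrets mounted: {secrets}")
```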